Rusty Gilmore presents at the ProNet Systems Executive Briefing 2014

Posted on 17, Dec | Posted by RMA

ProNet Systems hosted their annual Executive Briefing on December 9th, at the City Club in Raleigh, NC. The event was titled, “Keeping up with Security Trends and Technologies. Some of the key speakers included:

• Alan Jelley, ProNet Systems, Inc. – New Technology Advancements and Trends
• Nathan Schroeder, Focus Sales; Ryan Bach, Avigilon – Totally Integrated Access & High Resolution Video
• Rusty Gilmore, Computer Forensic Consultant, Risk Management Consultants – Hacking and Computer Security 101
• Lou Tunno, HID – Latest Credential And Biometric Development The Smart Phone as a Credential
• Nathan Schroeder, Focus Sales; Ryan Bach, Avigilon – Advances in High Definition Video and Video Analytics

Dana Frentz and Emily Liner of RMA attended the ProNet Systems seminar.

Continue reading

Kevin McQuade Attends Tyco Security Design Symposium

Posted on 25, Nov | Posted by RMA

Kevin McQuade, CPP of RMA attended the 2014 Tyco Security Design and Technology Symposium in Florida. This symposium was a three day event that focused on security related technology products offered by Tyco Security. The symposium focused on the Tyco technologies in intrusion detection, access control, real time location systems and video management systems. They also presented information pertaining to the Tyco Physical Security Information System (PSIM) and how multiple manufactures, not just Tyco security products are able to be monitored by a single user interface. The last presentation was a roadmap to where Tyco is headed in the future which a complete unification of their security products.

Continue reading

RMA Welcomes Michael Epperly as Director of Investigations

Posted on 30, Oct | Posted by RMA

Risk Management Associates, Inc. (RMA), recently reengaged Michael Epperly mre1.jpgto lead our investigations division. Michael previously served as RMA’s vice president and general counsel. Mike’s experience as a consultant, investigator and attorney make his addition a valuable asset to both RMA and its clients. Michael is a graduate of Campbell University and former law enforcement officer and will serve as our Director of Investigations, focusing on white collar crime, misappropriation, due diligence, compliance and ethics investigations and consulting.

Epperly, a native of Roanoke, Virginia, received his Juris Doctorate degree in 2002, and served in various investigative capacities in Virginia law enforcement before moving to North Carolina to begin his legal career. Prior to his hiring by RMA, Epperly worked for the NC Attorney General’s office and as the lead investigator for the NC Innocence Commission, where he investigated post-conviction claims of innocence by examining new evidence not presented at trial. Epperly also served as an intelligence officer in the US Navy.

“I am honored to once again be associated with RMA,” said Epperly. “RMA has a long history of superior investigative outcomes. Much of this success is directly attributable to the unrivaled skill and integrity of its people. RMA has a proud tradition of pairing each client with investigators and analysts who are uniquely qualified to deal with the issues at hand, and who also have the courage and integrity to report the truth – even when not favorable to the client. I intend to ensure that this tradition continues, and am both honored and humbled by this opportunity.”

Continue reading

Security Suggestions – The Cloud and Your Data

Posted on 1, Oct | Posted by Russell W. Gilmore, CISSP, CISM, EnCE

The CloudI am often asked to discuss IT and data security as it relates to storing data on the Cloud. Nine out of ten times I am asked two inevitable questions: “What is the Cloud?” and “Where is the Cloud?”. Hopefully I will answer these questions as I discuss ways to keep your data secure on the Cloud.

There are a number of services that allow you to store data on their servers. Examples of these for an individual or a small business are Dropbox, Sharefile, Google Mail, iCloud, Google Drive, Office 365, and many more. These services quite often are automatically connected to you by your smartphone, iPhone, laptop and/or your desktop computer once you initially login. Think about using your phone – you don’t have to type in a password to get your Gmail each time. As long as you can access the email app on your phone, you’re in. This is because you have instructed the app to trust your smartphone as a conduit to get your Gmail. This goes for almost any mail account you access from your device.

Go one step further and consider that you may have an account with Dropbox, Office 365, or Sharefile. The same concept applies – you have instructed the app to trust your smartphone as a conduit. To make matters worse, if you have these accounts available on your laptop or desktop they too are accessible without typing in a password once you have initially logged in. This is most often the case because we have instructed the app to remember our password.

Now that we understand – to just a small degree – what the Cloud is as it relates to most users and what as individuals we may have on the Cloud, let’s discuss how to keep it secure. First, don’t store sensitive information in the Cloud. I am not talking about using the online version of TurboTax, for example. I am referring to storing birth certificates, passports, and other scanned documents with sensitive information. There is nothing wrong with a safe deposit box for items like these.

Don’t use the same password for every account and change passwords regularly. I believe that password security is such an important issue I could write an entire topic on it. By using the same password for email, banking, computer login, online purchases, social media sites, and other activities, you jeopardize the security of all of your accounts if just one gets hacked. Hackers are smart enough to know that if your password to “website.com” is 12345678 and your user name to “website.com” is user@gmail.com, they will try and login to the Gmail account with the password they have uncovered. You should choose a random password and change it at least every 90 days if not sooner.

Consider reading the terms of service or user agreements to find out how the service works. This is very important if you intend to take advantage of a free 30-day trial. It is possible you will not have access to the data after 30 days without paying for the service. Think about encrypting your data or utilizing a service that includes encryption with data storage.

These are just a few suggestions for securing your data on the Cloud, and this is only a starting point.
I am not suggesting that no one should use the Cloud for storing data. For the most part, everyone who uses a computer, smartphone, or tablet is using the Cloud already. The Cloud can be an efficient way to centralize and share data with authorized users. I am suggesting you use it wisely, securely, and with the knowledge that you have done everything possible to protect the data you put on the Cloud.

Continue reading

ASIS Chapter 119 and Region 4B Women in Security Meeting

Posted on 10, Sep | Posted by RMA

The second quarterly ASIS Chapter 119 and Region 4B Women in Security meeting was hosted by Risk Management Associates on Wednesday, September 10, 2014. Anita Jelley of ProNet Systems was instrumental in setting the meeting. Russell Gilmore CISSP, CISM, EnCE of RMA gave an informative presentation on Computer Forensics. RMA had a big turnout of attendees that included Christine Peterson, Dana Frentz, and Tasha Dyson. Christine Peterson, provided registration/handouts to the group for the upcoming NC Piedmont Chapter 82 seminar being held October 27-28. For more information on ASIS Chapter 119 Women in Security, please contact Dana Frentz.

Continue reading

RMA attends Piedmont Advantage Credit Union Grand Opening

Posted on 14, Aug | Posted by RMA

RMA President, Christine Peterson attended the Grand Opening Celebration of Advantage Way, the new corporate headquarters and flagship branch of the Piedmont Advantage Credit Union in Winston-Salem, North Carolina on August 14, 2014. This flagship branch provides the credit union with the opportunity to better serve existing and future Members in Winston-Salem.

Continue reading

Third Annual ASIS Seminar and Exhibits Conference

Posted on 30, Jun | Posted by RMA

On June 24, 2014, the local ASIS Chapter 119 held their third annual ASIS Seminar and Exhibits Conference at the PNC Arena in Raleigh, NC. There were four guest speakers who discussed a variety of security and safety related topics. The speakers were Glen Faber of Purdue Pharmaceuticals, Frank Pisciotta of Business Protection Specialists, Floyd Allen of Global SIGMA Academy of Safety & Security, and Lou Velasco of the FBI. There were 18 vendors with booths exhibiting the latest technology in the security industry. The conference was a huge success, and there were over 100 people who registered and attended the sessions. Attendees received certification credits related to the ASIS CPP, PSP, and PCI for attending the conference. It is the local chapter’s plan to continue to grow this one-day conference and seminar.

Continue reading

Security Assessment at Appalachian State University

Posted on 30, May | Posted by RMA

The specific objective of this project was to provide the University with a “snapshot” of the existing security program in place at the BB Dougherty Administration Building, any gaps in the program, and potential responses to the gaps identified. Security policy, procedures, systems and organization were examined for level of technology, appropriate application, and the efficiency and effectiveness of deployment. Consultants prepared specific recommendations to address the deficiencies or gaps identified. Recommendations addressed each threat/vulnerability in a practical and pragmatic manner.

Appalachian State University is nestled in the Blue Ridge Mountains of North Carolina. Appalachian State University offers a challenging academic environment, energetic campus life and breathtaking location. Appalachian combines the best attributes of a small liberal arts college with those of a large research university. Known for its value and affordability, Appalachian enrolls about 17,000 students and offers more than 150 undergraduate and graduate majors. Small classes and close interactions between faculty and students create a strong sense of community, which has become an Appalachian hallmark. Appalachian, located in Boone, N.C., is one of 16 universities in the University of North Carolina system.

Continue reading

NC companies’ secrets at risk, cyber terrorism experts say

Posted on 22, Jul | Posted by RMA

In this day and age, sometimes it is difficult to discern truth from fiction. Greg Baker is an expert in the area of cyber terrorism and a leader in developing public/private relationships that work. In the later years of his career with the FBI, he was the face of InfraGard North Carolina.

InfraGard is an information sharing and analysis effort serving the interests and combining the knowledge base of a wide range of members. At its most basic level, InfraGard is a partnership between the Federal Bureau of Investigation and the private sector. InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States.

We recommend this article on cyber terrorism and data theft. Both Greg Baker and Ryan Johnson provide good insight on the problem and steps that can be taken to lessen the possibility of your company becoming a victim of this costly crime. Take stock in what your company should do to enhance the security surrounding its sensitive and important data. Do some research and don’t be afraid to ask questions. It can be beneficial to have someone from the outside review and analyze the strengths and weaknesses of you company’s network and provide advice on what steps can be taken to secure your company network, systems, and data.

Whether a company works on classified contracts or not they are at risk of cyber terrorism. Most of the time, companies do not even realize that they may be a target. No one wants to find out that their systems have been compromised, but most either have or will be. How does your company address its cyber vulnerabilities?

Read the original article here.

Meat, tobacco, furniture and surgical products are just a few of the North Carolina exports booming in the Chinese market. North Carolina businesses’ secrets are also in high demand overseas, and cyber terrorism experts say many companies are not doing enough to fend off hackers.

Continue reading

Situational Awareness Information Bulletin

Posted on 29, Jan | Posted by RMA

JosephDeanHillBetween December 26, 2012 and January 10, 2013, the below identified subject was able to breach security at two identified private sector facilities and two Government facilities in the Raleigh/Durham/Chapel Hill area.

Joseph Dean Hill
Aliases: Mark, Mark Johnson, Joseph Turnag

The identified subject was observed operating a black Nissan Pathfinder with NC plate BEK-9106 in two of the incidents. The subject also has a 2004 Nissan Maxima registered in DMV with NC plate XNM-6071.

It is believed he piggy-backed off employees and/or used social engineering techniques to gain access to secure areas. In each incident, the subject gave Security false names and explanations for his presence at their facility. During each encounter, the subject was confronted by Security and escorted off the premises.

The subject has been subsequently confronted by local, state and federal law enforcement about these incidents at which time he could not provide a credible explanation for his actions.
JDHill-cctv1JDHill-cctv2

 
 
 
 
 
 
 
If your agency has information that this subject has made attempts or succeeded in breaching security at other facilities in your jurisdiction, please contact the NC Information Sharing and Analysis Center (ISAAC) at 919-716-1111, or by email at NCISAAC@ncdoj.gov.
Continue reading